[64879] in North American Network Operators' Group

Re: Hijacked IP space.

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Nov 4 05:25:10 2003

Date: Tue, 04 Nov 2003 05:24:16 -0500
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: Jamie Reid <Jamie.Reid@mbs.gov.on.ca>
Cc: chucklist@forest.net, nanog@merit.edu
In-Reply-To: <sfa7129e.064@imail.mbs.gov.on.ca>
Errors-To: owner-nanog-outgoing@merit.edu


Jamie Reid writes on 11/4/2003 12:54 AM:

> Are they taking advantage of sloppy redistribution configurations, 0wning
> routers, spoofing OSPF updates,  taking advantage of default static
> routes, or is there something more complicated at work? 

Sometimes as simple as social engineering - a company goes out of 
business, but still has a /16 allocated to it.  So what happens is that 
some fake letterheads get typed up (and possibly the company name 
re-registered "under new management"), and a request for routing these 
blocks goes out ...

Then you get (say) a T1 from some random ISP, and then get them to 
announce the /16.

	srs

-- 
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
